



Intel Architecture Software Developer's Manual

Volume 1: Basic Architecture



NOTE: The Intel Architecture Software Developer's Manual consists of
three books: Basic Architecture, Order Number 243190; Instruction Set
Reference Manual, Order Number 243191; and the System Programming
Guide, Order Number 243192.
Please refer to all three volumes when evaluating your design needs.



1997 



Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or
otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions
of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating
to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability,
or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical,
life saving, or life sustaining applications.

Intel may make changes to specifications and product descriptions at any time, without notice. 

Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." 
Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising 
from future changes to them. 

Intel's Intel Architecture processors (e.g., Pentium® processor, Pentium processor with MMX™ technology, Pentium Pro
processor, and Pentium II processor) may contain design defects or errors known as errata which may cause the product to
deviate from published specifications. Current characterized errata are available on request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product
order.

Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may be 
obtained from: 

Intel Corporation
P.O. Box 7641
Mt Prospect IL 60056-7641

or call 1-800-879-4683

or visit Intel's website at http://www.intel.com

Copyright © Intel Corporation 1996, 1997. 

* Third-party brands and names are the property of their respective owners. 






BASIC EXECUTION ENVIRONMENT 



[Bit-layout diagram of the 32-bit EFLAGS register, bits 31 through 0. Flags labeled in the figure:]

X  ID Flag (ID)
X  Virtual Interrupt Pending (VIP)
X  Virtual Interrupt Flag (VIF)
X  Alignment Check (AC)
X  Virtual-8086 Mode (VM)
X  Resume Flag (RF)
X  Nested Task (NT)
X  I/O Privilege Level (IOPL)
S  Overflow Flag (OF)
C  Direction Flag (DF)
X  Interrupt Enable Flag (IF)
X  Trap Flag (TF)
S  Sign Flag (SF)
S  Zero Flag (ZF)
S  Auxiliary Carry Flag (AF)
S  Parity Flag (PF)
S  Carry Flag (CF)

S  Indicates a Status Flag
C  Indicates a Control Flag
X  Indicates a System Flag

Reserved bit positions. DO NOT USE.
Always set to values previously read.

Figure 3-7. EFLAGS Register



As the Intel Architecture has evolved, flags have been added to the EFLAGS register, but the 
function and placement of existing flags have remained the same from one family of the Intel 
Architecture processors to the next. As a result, code that accesses or modifies these flags for 
one family of Intel Architecture processors works as expected when run on later families of 
processors. 



3.6.3.1. STATUS FLAGS

The status flags (bits 0, 2, 4, 6, 7, and 11) of the EFLAGS register indicate the results of
arithmetic instructions, such as the ADD, SUB, MUL, and DIV instructions. The functions of the
status flags are as follows:

CF (bit 0)     Carry flag. Set if an arithmetic operation generates a carry or a borrow out
               of the most-significant bit of the result; cleared otherwise. This flag indicates
               an overflow condition for unsigned-integer arithmetic. It is also used
               in multiple-precision arithmetic.

PF (bit 2)     Parity flag. Set if the least-significant byte of the result contains an even
               number of 1 bits; cleared otherwise.

AF (bit 4)     Adjust flag. Set if an arithmetic operation generates a carry or a borrow
               out of bit 3 of the result; cleared otherwise. This flag is used in
               binary-coded decimal (BCD) arithmetic.

ZF (bit 6)     Zero flag. Set if the result is zero; cleared otherwise.

SF (bit 7)     Sign flag. Set equal to the most-significant bit of the result, which is the
               sign bit of a signed integer. (0 indicates a positive value and 1 indicates a
               negative value.)

OF (bit 11)    Overflow flag. Set if the integer result is too large a positive number or
               too small a negative number (excluding the sign-bit) to fit in the destination
               operand; cleared otherwise. This flag indicates an overflow condition
               for signed-integer (two's complement) arithmetic.



Of these status flags, only the CF flag can be modified directly, using the STC, CLC, and CMC 
instructions. Also the bit instructions (BT, BTS, BTR, and BTC) copy a specified bit into the CF 
flag. 

The status flags allow a single arithmetic operation to produce results for three different data
types: unsigned integers, signed integers, and BCD integers. If the result of an arithmetic
operation is treated as an unsigned integer, the CF flag indicates an out-of-range condition (carry or
a borrow); if treated as a signed integer (two's complement number), the OF flag indicates a
carry or borrow; and if treated as a BCD digit, the AF flag indicates a carry or borrow. The SF
flag indicates the sign of a signed integer. The ZF flag indicates either a signed- or an unsigned-
integer zero.

When performing multiple-precision arithmetic on integers, the CF flag is used in conjunction
with the add with carry (ADC) and subtract with borrow (SBB) instructions to propagate a carry
or borrow from one computation to the next.

The condition instructions Jcc (jump on condition code cc), SETcc (byte set on condition code 
cc), LOOPcc, and CMOVcc (conditional move) use one or more of the status flags as condition 
codes and test them for branch, set-byte, or end-loop conditions. 

3.6.3.2. DF FLAG 

The direction flag (DF, located in bit 10 of the EFLAGS register) controls the string instructions 
(MOVS, CMPS, SCAS, LODS, and STOS). Setting the DF flag causes the string instructions to 
auto-decrement (that is, to process strings from high addresses to low addresses). Clearing the 
DF flag causes the string instructions to auto-increment (process strings from low addresses 
to high addresses). 

The STD and CLD instructions set and clear the DF flag, respectively. 

The CWD instruction copies the sign (bit 15) of the word in the AX register into every bit
position in the DX register. The CDQ instruction copies the sign (bit 31) of the doubleword in the
EAX register into every bit position in the EDX register. The CWD instruction can be used to
produce a doubleword dividend from a word before a word division, and the CDQ instruction
can be used to produce a quadword dividend from a doubleword before doubleword division.

6.3.2.3. MOVE AND CONVERT

The MOVSX (move with sign extension) and MOVZX (move with zero extension) instructions 
move the source operand into a register then perform the sign extension. 

The MOVSX instruction extends an 8-bit value to a 16-bit value or an 8- or 16-bit value to 32-bit 
value by sign extending the source operand, as shown in Figure 6-5. The MOVZX instruction 
extends an 8-bit value to a 16-bit value or an 8- or 16-bit value to 32-bit value by zero extending 
the source operand. 



6.4. BINARY ARITHMETIC INSTRUCTIONS

The binary arithmetic instructions operate on 8-, 16-, and 32-bit numeric data encoded as signed
or unsigned binary integers. Operations include the add, subtract, multiply, and divide as well as
increment, decrement, compare, and change sign (negate). The binary arithmetic instructions
may also be used in algorithms that operate on decimal (BCD) values.

6.4.1. Addition and Subtraction Instructions

The ADD (add integers), ADC (add integers with carry), SUB (subtract integers), and SBB
(subtract integers with borrow) instructions perform addition and subtraction operations on
signed or unsigned integer operands.

The ADD instruction computes the sum of two integer operands.

The ADC instruction computes the sum of two integer operands, plus 1 if the CF flag is set. This
instruction is used to propagate a carry when adding numbers in stages.

The SUB instruction computes the difference of two integer operands.

The SBB instruction computes the difference of two integer operands, minus 1 if the CF flag is
set. This instruction is used to propagate a borrow when subtracting numbers in stages.

6.4.2. Increment and Decrement Instructions

The INC (increment) and DEC (decrement) instructions add 1 to or subtract 1 from an unsigned
integer operand, respectively. A primary use of these instructions is for implementing counters.

6.4.3. Comparison and Sign Change Instruction

The CMP (compare) instruction computes the difference between two integer operands and
updates the OF, SF, ZF, AF, PF, and CF flags according to the result. The source operands are
not modified, nor is the result saved. The CMP instruction is commonly used in conjunction with
a Jcc (jump) or SETcc (byte set on condition) instruction, with the latter instructions performing
an action based on the result of a CMP instruction.

The NEG (negate) instruction subtracts a signed integer operand from zero. The effect of the
NEG instruction is to change the sign of a two's complement operand while keeping its
magnitude.

6.4.4. Multiplication and Divide Instructions

The processor provides two multiply instructions, MUL (unsigned multiply) and IMUL (signed
multiply), and two divide instructions, DIV (unsigned divide) and IDIV (signed divide).

The MUL instruction multiplies two unsigned integer operands. The result is computed to twice
the size of the source operands (for example, if word operands are being multiplied, the result is
a double word).

The IMUL instruction multiplies two signed integer operands. The result is computed to twice
the size of the source operands; however, in some cases the result is truncated to the size of the
source operands (see "IMUL — Signed Multiply" in Chapter 3 of the Intel Architecture Software
Developer's Manual, Volume 2).

The DIV instruction divides one unsigned operand by another unsigned operand and returns a 
quotient and a remainder. 

The IDIV instruction is identical to the DIV instruction, except that IDIV performs a signed 
division. 



6.5. DECIMAL ARITHMETIC INSTRUCTIONS

Decimal arithmetic can be performed by combining the binary arithmetic instructions ADD,
SUB, MUL, and DIV (discussed in Section 6.4., "Binary Arithmetic Instructions") with the
decimal arithmetic instructions. The decimal arithmetic instructions are provided to carry out the
following operations:

• To adjust the results of a previous binary arithmetic operation to produce a valid BCD
  result.

• To adjust the operands of a subsequent binary arithmetic operation so that the operation
  will produce a valid BCD result.

These instructions operate only on both packed and unpacked BCD values.

6.8.4. Test Instruction

The TEST instruction performs a logical AND of two operands and sets the SF, ZF, and PF flags 
according to the results. The flags can then be tested by the conditional jump or loop instructions 
or the SETcc instructions. The TEST instruction differs from the AND instruction in that it does 
not alter either of the operands. 



6.9.

The processor provides both conditional and unconditional control transfer instructions to direct
the flow of program execution. Conditional transfers are taken only for specified states of the
status flags in the EFLAGS register. Unconditional control transfers are always executed.

6.9.1. Unconditional Transfer Instructions

The JMP, CALL, RET, INT, and IRET instructions transfer program control to another location
(destination address) in the instruction stream. The destination can be within the same code
segment (near transfer) or in a different code segment (far transfer).

6.9.1.1. JUMP INSTRUCTION

The JMP (jump) instruction unconditionally transfers program control to a destination
instruction. The transfer is one-way; that is, a return address is not saved. A destination operand
specifies the address (the instruction pointer) of the destination instruction. The address can be a
relative address or an absolute address.

A relative address is a displacement (offset) with respect to the address in the EIP register. The
destination address (a near pointer) is formed by adding the displacement to the address in the
EIP register. The displacement is specified with a signed integer, allowing jumps either forward
or backward in the instruction stream.

An absolute address is an offset from address 0 of a segment. It can be specified in either of the
following ways:

• An address in a general-purpose register. This address is treated as a near pointer, which
  is copied into the EIP register. Program execution then continues at the new address within
  the current code segment.

• An address specified using the standard addressing modes of the processor. Here, the
  address can be a near pointer or a far pointer. If the address is for a near pointer, the address
  is translated into an offset and copied into the EIP register. If the address is for a far pointer,
  the address is translated into a segment selector (which is copied into the CS register) and
  an offset (which is copied into the EIP register).

In protected mode, the JMP instruction also allows jumps to a call gate, a task gate, and a
task-state segment.

6.9.1.2. CALL AND RETURN INSTRUCTIONS

The CALL (call procedure) and RET (return from procedure) instructions allow a jump from
one procedure (or subroutine) to another and a subsequent jump back (return) to the calling
procedure.

The CALL instruction transfers program control from the current (or calling procedure) to
another procedure (the called procedure). To allow a subsequent return to the calling procedure,
the CALL instruction saves the current contents of the EIP register on the stack before jumping
to the called procedure. The EIP register (prior to transferring program control) contains the
address of the instruction following the CALL instruction. When this address is pushed on the
stack, it is referred to as the return instruction pointer or return address.

The address of the called procedure (the address of the first instruction in the procedure being
jumped to) is specified in a CALL instruction the same way as it is in a JMP instruction (see
Section 6.9.1.1., "Jump Instruction"). The address can be specified as a relative address or an
absolute address. If an absolute address is specified, it can be either a near or a far pointer.

The RET instruction transfers program control from the procedure currently being executed (the
called procedure) back to the procedure that called it (the calling procedure). Transfer of control
is accomplished by copying the return instruction pointer from the stack into the EIP register.
Program execution then continues with the instruction pointed to by the EIP register.

The RET instruction has an optional operand, the value of which is added to the contents of the
ESP register as part of the return operation. This operand allows the stack pointer to be
incremented to remove parameters from the stack that were pushed on the stack by the calling
procedure.

See Section 4.3., "Calling Procedures Using CALL and RET", for more information on the
mechanics of making procedure calls with the CALL and RET instructions.

6.9.1.3. RETURN FROM INTERRUPT INSTRUCTION

When the processor services an interrupt, it performs an implicit call to an interrupt-handling
procedure. The IRET (return from interrupt) instruction returns program control from an
interrupt handler to the interrupted procedure (that is, the procedure that was executing when the
interrupt occurred). The IRET instruction performs a similar operation to the RET instruction
(see Section 6.9.1.2., "Call and Return Instructions") except that it also restores the EFLAGS
register from the stack. The contents of the EFLAGS register are automatically stored on the
stack along with the return instruction pointer when the processor services an interrupt.

6.9.2. Conditional Transfer Instructions

The conditional transfer instructions execute jumps or loops that transfer program control to
another instruction in the instruction stream if specified conditions are met. The conditions for
control transfer are specified with a set of condition codes that define various states of the status
flags (CF, ZF, OF, PF, and SF) in the EFLAGS register.

6.9.2.1. CONDITIONAL JUMP INSTRUCTIONS

The Jcc (conditional) jump instructions transfer program control to a destination instruction if
the conditions specified with the condition code (cc) associated with the instruction are satisfied
(see Table 6-4). If the condition is not satisfied, execution continues with the instruction
following the Jcc instruction. As with the JMP instruction, the transfer is one-way; that is, a
return address is not saved.

Table 6-4. Conditional Jump Instructions

Instruction Mnemonic    Condition (Flag States)    Description
--------------------    -----------------------    -------------------------
Unsigned Conditional Jumps
JA/JNBE                 (CF or ZF)=0               Above/not below or equal
JAE/JNB                 CF=0                       Above or equal/not below
JB/JNAE                 CF=1                       Below/not above or equal
JBE/JNA                 (CF or ZF)=1               Below or equal/not above
JC                      CF=1                       Carry
JE/JZ                   ZF=1                       Equal/zero
JNC                     CF=0                       Not carry
JNE/JNZ                 ZF=0                       Not equal/not zero
JNP/JPO                 PF=0                       Not parity/parity odd
JP/JPE                  PF=1                       Parity/parity even
JCXZ                    CX=0                       Register CX is zero
JECXZ                   ECX=0                      Register ECX is zero

Signed Conditional Jumps
JG/JNLE                 ((SF xor OF) or ZF)=0      Greater/not less or equal
JGE/JNL                 (SF xor OF)=0              Greater or equal/not less
JL/JNGE                 (SF xor OF)=1              Less/not greater or equal
JLE/JNG                 ((SF xor OF) or ZF)=1      Less or equal/not greater
JNO                     OF=0                       Not overflow
JNS                     SF=0                       Not sign (non-negative)
JO                      OF=1                       Overflow
JS                      SF=1                       Sign (negative)

The destination operand specifies a relative address (a signed offset with respect to the address
in the EIP register) that points to an instruction in the current code segment. The Jcc instructions
do not support far transfers; however, far transfers can be accomplished with a combination of
a Jcc and a JMP instruction (see "Jcc— Jump if Condition Is Met" in Chapter 3 of the Intel
Architecture Software Developer's Manual, Volume 2).

Table 6-4 shows the mnemonics for the Jcc instructions and the conditions being tested for each
instruction. The condition code mnemonics are appended to the letter "J" to form the mnemonic
for a Jcc instruction. The instructions are divided into two groups: unsigned and signed
conditional jumps. These groups correspond to the results of operations performed on unsigned and
signed integers, respectively. Those instructions listed as pairs (for example, JA/JNBE) are
alternate names for the same instruction. The assembler provides these alternate names to make it
easier to read program listings.

The JCXZ and JECXZ instructions test the CX and ECX registers, respectively, instead of one
or more status flags. See Section 6.9.2.3., "Jump If Zero Instructions" for more information 
about these instructions. 
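
The flag definitions in Section 3.6.3.1 and the conditions in Table 6-4 can be worked through in software. The following C model is an added example, not code from the manual: it computes the status flags left by a 32-bit ADD and CMP and evaluates the JBE/JA and JLE/JG conditions on them, showing that one CMP result gives opposite answers under the signed and unsigned conditions when the operand is FFFFFFFFH. The function names and the length/limit values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Status-flag masks at the EFLAGS bit positions listed in Section 3.6.3.1. */
enum {
    EFL_CF = 1 << 0, EFL_PF = 1 << 2, EFL_AF = 1 << 4,
    EFL_ZF = 1 << 6, EFL_SF = 1 << 7, EFL_OF = 1 << 11
};

/* PF, ZF and SF depend only on the 32-bit result. */
static uint32_t result_flags(uint32_t r)
{
    uint32_t f = 0, ones = 0;
    for (uint32_t low = r & 0xFFu; low; low >>= 1)
        ones += low & 1u;
    if ((ones & 1u) == 0) f |= EFL_PF;  /* even number of 1 bits in low byte */
    if (r == 0)           f |= EFL_ZF;
    if (r >> 31)          f |= EFL_SF;  /* copy of the sign bit */
    return f;
}

/* Status flags left by a 32-bit ADD (DEST <- DEST + SRC). */
uint32_t flags_add32(uint32_t dest, uint32_t src)
{
    uint32_t r = dest + src, f = result_flags(r);
    if (r < dest)                                 f |= EFL_CF; /* carry out of bit 31 */
    if ((dest ^ src ^ r) & 0x10u)                 f |= EFL_AF; /* carry out of bit 3 */
    if (~(dest ^ src) & (dest ^ r) & 0x80000000u) f |= EFL_OF; /* like signs in, other sign out */
    return f;
}

/* Status flags left by CMP a,b: computes a - b and discards the result. */
uint32_t flags_cmp32(uint32_t a, uint32_t b)
{
    uint32_t r = a - b, f = result_flags(r);
    if (a < b)                                    f |= EFL_CF; /* borrow */
    if ((a ^ b ^ r) & 0x10u)                      f |= EFL_AF; /* borrow out of bit 3 */
    if ((a ^ b) & (a ^ r) & 0x80000000u)          f |= EFL_OF; /* signed result out of range */
    return f;
}

/* Conditions from Table 6-4, evaluated on a flags value. */
static int sf_xor_of(uint32_t f) { return !(f & EFL_SF) != !(f & EFL_OF); }
int cond_jbe(uint32_t f) { return (f & (EFL_CF | EFL_ZF)) != 0; }      /* (CF or ZF)=1 */
int cond_ja(uint32_t f)  { return !cond_jbe(f); }                      /* (CF or ZF)=0 */
int cond_jle(uint32_t f) { return sf_xor_of(f) || (f & EFL_ZF) != 0; } /* ((SF xor OF) or ZF)=1 */
int cond_jg(uint32_t f)  { return !cond_jle(f); }                      /* ((SF xor OF) or ZF)=0 */

/* The same check, "len <= limit", as CMP len,limit followed by
   JLE (signed) or JBE (unsigned). Returns 1 when the check accepts len. */
int accepts_signed(uint32_t len, uint32_t limit)   { return cond_jle(flags_cmp32(len, limit)); }
int accepts_unsigned(uint32_t len, uint32_t limit) { return cond_jbe(flags_cmp32(len, limit)); }

int main(void)
{
    /* Constructed inputs: the two 32-bit boundary additions. */
    printf("7FFFFFFFH + 1: flags=%03XH\n", (unsigned)flags_add32(0x7FFFFFFFu, 1u));
    printf("FFFFFFFFH + 1: flags=%03XH\n", (unsigned)flags_add32(0xFFFFFFFFu, 1u));

    /* Constructed input: a length of FFFFFFFFH (-1 if read as signed), limit 64. */
    uint32_t len = 0xFFFFFFFFu, limit = 64;
    printf("CMP len,limit; JLE (signed):   accepted=%d\n", accepts_signed(len, limit));
    printf("CMP len,limit; JBE (unsigned): accepted=%d\n", accepts_unsigned(len, limit));
    return 0;
}
```

A bounds check on a length or index belongs with the unsigned ("above"/"below") conditions. In compiler output, a JLE or JG after a comparison against a buffer size means the value was treated as signed.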

6.9.2.2. LOOP INSTRUCTIONS 

The LOOP, LOOPE (loop while equal), LOOPZ (loop while zero), LOOPNE (loop while not 
equal), and LOOPNZ (loop while not zero) instructions are conditional jump instructions that 
use the value of the ECX register as a count for the number of times to execute a loop. All the 
loop instructions decrement the count in the ECX register each time they are executed and termi- 
nate a loop when zero is reached. The LOOPE, LOOPZ, LOOPNE, and LOOPNZ instructions 
also accept the ZF flag as a condition for terminating the loop before the count reaches zero. 

The LOOP instruction decrements the contents of the ECX register (or the CX register, if the 
address-size attribute is 16), then tests the register for the loop-termination condition. If the 
count in the ECX register is non-zero, program control is transferred to the instruction address 
specified by the destination operand. The destination operand is a relative address (that is, an 
offset relative to the contents of the EIP register), and it generally points to the first instruction 
in the block of code that is to be executed in the loop. When the count in the ECX register 
reaches zero, program control is transferred to the instruction immediately following the 
LOOP instruction, which terminates the loop. If the count in the ECX register is zero when the 
LOOP instruction is first executed, the register is pre-decremented to FFFFFFFFH, causing the 
loop to be executed 2^32 times.

The LOOPE and LOOPZ instructions perform the same operation (they are mnemonics for the 
same instruction). These instructions operate the same as the LOOP instruction, except that they 
also test the ZF flag. If the count in the ECX register is not zero and the ZF flag is set, program 
control is transferred to the destination operand. When the count reaches zero or the ZF flag is 
clear, the loop is terminated by transferring program control to the instruction immediately 
following the LOOPE/LOOPZ instruction. 

The LOOPNE and LOOPNZ instructions (mnemonics for the same instruction) operate the 
same as the LOOPE/LOOPZ instructions, except that they terminate the loop if the ZF flag
is set. 

6.9.2.3. JUMP IF ZERO INSTRUCTIONS 

The JECXZ (jump if ECX zero) instruction jumps to the location specified in the destination 
operand if the ECX register contains the value zero. This instruction can be used in combination 
with a loop instruction (LOOP, LOOPE, LOOPZ, LOOPNE, or LOOPNZ) to test the ECX 
register prior to beginning a loop. As described in Section 6.9.2.2., "Loop Instructions", the loop

ADD—Add

Opcode       Instruction         Description
---------    ----------------    -------------------------------
04 ib        ADD AL,imm8         Add imm8 to AL
05 iw        ADD AX,imm16        Add imm16 to AX
05 id        ADD EAX,imm32       Add imm32 to EAX
80 /0 ib     ADD r/m8,imm8       Add imm8 to r/m8
81 /0 iw     ADD r/m16,imm16     Add imm16 to r/m16
81 /0 id     ADD r/m32,imm32     Add imm32 to r/m32
83 /0 ib     ADD r/m16,imm8      Add sign-extended imm8 to r/m16
83 /0 ib     ADD r/m32,imm8      Add sign-extended imm8 to r/m32
00 /r        ADD r/m8,r8         Add r8 to r/m8
01 /r        ADD r/m16,r16       Add r16 to r/m16
01 /r        ADD r/m32,r32       Add r32 to r/m32
02 /r        ADD r8,r/m8         Add r/m8 to r8
03 /r        ADD r16,r/m16       Add r/m16 to r16
03 /r        ADD r32,r/m32       Add r/m32 to r32


Description 

Adds the first operand (destination operand) and the second operand (source operand) and stores 
the result in the destination operand. The destination operand can be a register or a memory 
location; the source operand can be an immediate, a register, or a memory location. (However, 
two memory operands cannot be used in one instruction.) When an immediate value is used as
an operand, it is sign-extended to the length of the destination operand format. 

The ADD instruction does not distinguish between signed or unsigned operands. Instead, the 
processor evaluates the result for both data types and sets the OF and CF flags to indicate a carry 
in the signed or unsigned result, respectively. The SF flag indicates the sign of the signed result. 

Operation

DEST <- DEST + SRC;

Flags Affected

The OF, SF, ZF, AF, CF, and PF flags are set according to the result.

Protected Mode Exceptions

#GP(0)             If the destination is located in a nonwritable segment.

                   If a memory operand effective address is outside the CS, DS, ES, FS, or
                   GS segment limit.

                   If the DS, ES, FS, or GS register is used to access memory and it contains
                   a null segment selector.

#SS(0)             If a memory operand effective address is outside the SS segment limit.

#PF(fault-code)    If a page fault occurs.

#AC(0)             If alignment checking is enabled and an unaligned memory reference is
                   made while the current privilege level is 3.

Real-Address Mode Exceptions

#GP                If a memory operand effective address is outside the CS, DS, ES, FS, or
                   GS segment limit.

#SS                If a memory operand effective address is outside the SS segment limit.

Virtual-8086 Mode Exceptions

#GP(0)             If a memory operand effective address is outside the CS, DS, ES, FS, or
                   GS segment limit.

#SS(0)             If a memory operand effective address is outside the SS segment limit.

#PF(fault-code)    If a page fault occurs.

#AC(0)             If alignment checking is enabled and an unaligned memory reference is
                   made.

Jcc—Jump if Condition Is Met

Opcode         Instruction       Description
-----------    --------------    ------------------------------------------------
77 cb          JA rel8           Jump short if above (CF=0 and ZF=0)
73 cb          JAE rel8          Jump short if above or equal (CF=0)
72 cb          JB rel8           Jump short if below (CF=1)
76 cb          JBE rel8          Jump short if below or equal (CF=1 or ZF=1)
72 cb          JC rel8           Jump short if carry (CF=1)
E3 cb          JCXZ rel8         Jump short if CX register is 0
E3 cb          JECXZ rel8        Jump short if ECX register is 0
74 cb          JE rel8           Jump short if equal (ZF=1)
7F cb          JG rel8           Jump short if greater (ZF=0 and SF=OF)
7D cb          JGE rel8          Jump short if greater or equal (SF=OF)
7C cb          JL rel8           Jump short if less (SF<>OF)
7E cb          JLE rel8          Jump short if less or equal (ZF=1 or SF<>OF)
76 cb          JNA rel8          Jump short if not above (CF=1 or ZF=1)
72 cb          JNAE rel8         Jump short if not above or equal (CF=1)
73 cb          JNB rel8          Jump short if not below (CF=0)
77 cb          JNBE rel8         Jump short if not below or equal (CF=0 and ZF=0)
73 cb          JNC rel8          Jump short if not carry (CF=0)
75 cb          JNE rel8          Jump short if not equal (ZF=0)
7E cb          JNG rel8          Jump short if not greater (ZF=1 or SF<>OF)
7C cb          JNGE rel8         Jump short if not greater or equal (SF<>OF)
7D cb          JNL rel8          Jump short if not less (SF=OF)
7F cb          JNLE rel8         Jump short if not less or equal (ZF=0 and SF=OF)
71 cb          JNO rel8          Jump short if not overflow (OF=0)
7B cb          JNP rel8          Jump short if not parity (PF=0)
79 cb          JNS rel8          Jump short if not sign (SF=0)
75 cb          JNZ rel8          Jump short if not zero (ZF=0)
70 cb          JO rel8           Jump short if overflow (OF=1)
7A cb          JP rel8           Jump short if parity (PF=1)
7A cb          JPE rel8          Jump short if parity even (PF=1)
7B cb          JPO rel8          Jump short if parity odd (PF=0)
78 cb          JS rel8           Jump short if sign (SF=1)
74 cb          JZ rel8           Jump short if zero (ZF=1)
0F 87 cw/cd    JA rel16/32       Jump near if above (CF=0 and ZF=0)
0F 83 cw/cd    JAE rel16/32      Jump near if above or equal (CF=0)
0F 82 cw/cd    JB rel16/32       Jump near if below (CF=1)
0F 86 cw/cd    JBE rel16/32      Jump near if below or equal (CF=1 or ZF=1)
0F 82 cw/cd    JC rel16/32       Jump near if carry (CF=1)
0F 84 cw/cd    JE rel16/32       Jump near if equal (ZF=1)
0F 84 cw/cd    JZ rel16/32       Jump near if 0 (ZF=1)
0F 8F cw/cd    JG rel16/32       Jump near if greater (ZF=0 and SF=OF)
0F 8D cw/cd    JGE rel16/32      Jump near if greater or equal (SF=OF)
0F 8C cw/cd    JL rel16/32       Jump near if less (SF<>OF)
0F 8E cw/cd    JLE rel16/32      Jump near if less or equal (ZF=1 or SF<>OF)
0F 86 cw/cd    JNA rel16/32      Jump near if not above (CF=1 or ZF=1)
0F 82 cw/cd    JNAE rel16/32     Jump near if not above or equal (CF=1)
0F 83 cw/cd    JNB rel16/32      Jump near if not below (CF=0)
0F 87 cw/cd    JNBE rel16/32     Jump near if not below or equal (CF=0 and ZF=0)
0F 83 cw/cd    JNC rel16/32      Jump near if not carry (CF=0)
0F 85 cw/cd    JNE rel16/32      Jump near if not equal (ZF=0)
0F 8E cw/cd    JNG rel16/32      Jump near if not greater (ZF=1 or SF<>OF)
0F 8C cw/cd    JNGE rel16/32     Jump near if not greater or equal (SF<>OF)
0F 8D cw/cd    JNL rel16/32      Jump near if not less (SF=OF)
0F 8F cw/cd    JNLE rel16/32     Jump near if not less or equal (ZF=0 and SF=OF)
0F 81 cw/cd    JNO rel16/32      Jump near if not overflow (OF=0)
0F 8B cw/cd    JNP rel16/32      Jump near if not parity (PF=0)
0F 89 cw/cd    JNS rel16/32      Jump near if not sign (SF=0)
0F 85 cw/cd    JNZ rel16/32      Jump near if not zero (ZF=0)
0F 80 cw/cd    JO rel16/32       Jump near if overflow (OF=1)
0F 8A cw/cd    JP rel16/32       Jump near if parity (PF=1)
0F 8A cw/cd    JPE rel16/32      Jump near if parity even (PF=1)
0F 8B cw/cd    JPO rel16/32      Jump near if parity odd (PF=0)
0F 88 cw/cd    JS rel16/32       Jump near if sign (SF=1)
0F 84 cw/cd    JZ rel16/32       Jump near if 0 (ZF=1)


Description 

Checks the state of one or more of the status flags in the EFLAGS register (CF, OF, PF, SF, and 
ZF) and, if the flags are in the specified state (condition), performs a jump to the target instruc- 
tion specified by the destination operand. A condition code (cc) is associated with each instruc- 
tion to indicate the condition being tested for. If the condition is not satisfied, the jump is not 
performed and execution continues with the instruction following the Jcc instruction. 

The target instruction is specified with a relative offset (a signed offset relative to the current
value of the instruction pointer in the EIP register). A relative offset (rel8, rel16, or rel32) is
generally specified as a label in assembly code, but at the machine code level, it is encoded as a
signed, 8-bit or 32-bit immediate value, which is added to the instruction pointer. Instruction
coding is most efficient for offsets of -128 to +127. If the operand-size attribute is 16, the upper
two bytes of the EIP register are cleared to 0s, resulting in a maximum instruction pointer size
of 16 bits.

The conditions for each Jcc mnemonic are given in the "Description" column of the table on the 
preceding page. The terms "less" and "greater" are used for comparisons of signed integers and 
the terms "above" and "below" are used for unsigned integers. 

Because a particular state of the status flags can sometimes be interpreted in two ways, two 
mnemonics are defined for some opcodes. For example, the JA (jump if above) instruction and 
the JNBE (jump if not below or equal) instruction are alternate mnemonics for the opcode 77H.

The Jcc instruction does not support far jumps (jumps to other code segments). When the target 
for the conditional jump is in a different segment, use the opposite condition from the condition 
being tested for the Jcc instruction, and then access the target with an unconditional far jump 
(JMP instruction) to the other segment. For example, the following conditional far jump is 
illegal: 

    JZ FARLABEL;

To accomplish this far jump, use the following two instructions:

    JNZ BEYOND;
    JMP FARLABEL;
    BEYOND:

The JECXZ and JCXZ instructions differ from the other Jcc instructions because they do not
check the status flags. Instead they check the contents of the ECX and CX registers, respectively,
for 0. Either the CX or ECX register is chosen according to the address-size attribute. These
instructions are useful at the beginning of a conditional loop that terminates with a conditional
loop instruction (such as LOOPNE). They prevent entering the loop when the ECX or CX
register is equal to 0, which would cause the loop to execute 2^32 or 64K times, respectively,
instead of zero times.

All conditional jumps are converted to code fetches of one or two cache lines, regardless 
of jump address or cacheability. 

Operation 

IF condition
    THEN
        EIP <- EIP + SignExtend(DEST);
        IF OperandSize = 16
            THEN
                EIP <- EIP AND 0000FFFFH;
        FI;
FI;

Flags Affected

None.


Protected Mode Exceptions 

#GP(0) If the offset being jumped to is beyond the limits of the CS segment. 

Real-Address Mode Exceptions 

#GP If the offset being jumped to is beyond the limits of the CS segment or is
outside of the effective address space from 0 to FFFFH. This condition can
occur if 32-address size override prefix is used. 

Virtual-8086 Mode Exceptions 

#GP(0) If the offset being jumped to is beyond the limits of the CS segment or is
outside of the effective address space from 0 to FFFFH. This condition can
occur if 32-address size override prefix is used. 
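
The opcode table and the Operation section of this Jcc entry are enough to build a small decoder. The following C code is an added example, not code from the manual: it recognises the short (7x cb, E3 cb) and near (0F 8x cw/cd) forms, sign-extends the displacement, and computes the jump target including the 0000FFFFH mask applied when the operand size is 16. The function names, the caller-supplied operand size (prefix bytes are not parsed) and the sample byte strings are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Condition names indexed by the low nibble of the opcode byte
   (7x cb for the short form, 0F 8x cw/cd for the near form). */
static const char *const JCC_NAME[16] = {
    "JO", "JNO", "JB", "JAE", "JE", "JNE", "JBE", "JA",
    "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"
};

struct jcc {
    const char *mnemonic;  /* one of the alternate names for the opcode */
    unsigned    length;    /* instruction length in bytes */
    uint32_t    target;    /* EIP if the jump is taken */
};

/* Sign-extend the low `bits` bits of v to 32 bits. */
static uint32_t sign_extend(uint32_t v, unsigned bits)
{
    uint32_t sign = 1u << (bits - 1);
    return (v ^ sign) - sign;
}

/* Decode one Jcc at code[0..len), located at address eip.
   operand_size (16 or 32) is supplied by the caller (assumption).
   Returns 1 and fills *out, or 0 if the bytes are not a complete Jcc. */
int decode_jcc(const uint8_t *code, size_t len, uint32_t eip,
               int operand_size, struct jcc *out)
{
    uint32_t rel;
    if (len >= 2 && (code[0] & 0xF0) == 0x70) {            /* 7x cb */
        out->mnemonic = JCC_NAME[code[0] & 0x0F];
        out->length = 2;
        rel = sign_extend(code[1], 8);
    } else if (len >= 2 && code[0] == 0xE3) {              /* E3 cb */
        out->mnemonic = "JCXZ/JECXZ";  /* chosen by the address-size attribute */
        out->length = 2;
        rel = sign_extend(code[1], 8);
    } else if (len >= 2 && code[0] == 0x0F && (code[1] & 0xF0) == 0x80) {
        unsigned disp = (operand_size == 16) ? 2 : 4;      /* cw or cd */
        uint32_t v = 0;
        if (len < 2 + disp)
            return 0;                                      /* truncated */
        for (unsigned i = 0; i < disp; i++)
            v |= (uint32_t)code[2 + i] << (8 * i);         /* little-endian */
        out->mnemonic = JCC_NAME[code[1] & 0x0F];
        out->length = 2 + disp;
        rel = sign_extend(v, 8 * disp);
    } else {
        return 0;                                          /* not a Jcc */
    }
    /* When the offset is added, EIP holds the address of the next instruction. */
    out->target = eip + out->length + rel;
    if (operand_size == 16)
        out->target &= 0x0000FFFFu;                        /* EIP AND 0000FFFFH */
    return 1;
}

/* Scalar wrappers: target (-1 if not a Jcc) and mnemonic (NULL if not a Jcc). */
int64_t jcc_target(const uint8_t *code, size_t len, uint32_t eip, int opsize)
{
    struct jcc j;
    return decode_jcc(code, len, eip, opsize, &j) ? (int64_t)j.target : -1;
}

const char *jcc_name(const uint8_t *code, size_t len, int opsize)
{
    struct jcc j;
    return decode_jcc(code, len, 0, opsize, &j) ? j.mnemonic : NULL;
}

/* Constructed sample encodings (not taken from any real binary). */
const uint8_t SAMPLE_JE_SHORT[]  = { 0x74, 0x05 };
const uint8_t SAMPLE_JL_SELF[]   = { 0x7C, 0xFE };
const uint8_t SAMPLE_JNE_NEAR[]  = { 0x0F, 0x85, 0xF0, 0xFF, 0xFF, 0xFF };
const uint8_t SAMPLE_JE_NEAR16[] = { 0x0F, 0x84, 0x00, 0x01 };
const uint8_t SAMPLE_JMP_SHORT[] = { 0xEB, 0x05 };  /* unconditional JMP, not a Jcc */

int main(void)
{
    struct jcc j;
    if (decode_jcc(SAMPLE_JE_SHORT, sizeof SAMPLE_JE_SHORT, 0x1000u, 32, &j))
        printf("%s -> %08XH (%u bytes)\n", j.mnemonic, (unsigned)j.target, j.length);
    if (decode_jcc(SAMPLE_JNE_NEAR, sizeof SAMPLE_JNE_NEAR, 0x401000u, 32, &j))
        printf("%s -> %08XH (%u bytes)\n", j.mnemonic, (unsigned)j.target, j.length);
    /* With a 16-bit operand size, a target past FFFFH wraps into the low 64K. */
    if (decode_jcc(SAMPLE_JE_NEAR16, sizeof SAMPLE_JE_NEAR16, 0xFFF0u, 16, &j))
        printf("%s -> %08XH (%u bytes)\n", j.mnemonic, (unsigned)j.target, j.length);
    printf("EB 05 decodes as Jcc: %d\n",
           decode_jcc(SAMPLE_JMP_SHORT, sizeof SAMPLE_JMP_SHORT, 0x1000u, 32, &j));
    return 0;
}
```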